
SOC Operators - What's a client that makes your SOC team go feral?
Tags: Cybersecurity, Malware, SOC Operations, Threat Detection
A client of the SOC team seems to have a personal attachment to a piece of malware, as one of their endpoints is regularly reported for depositing the same malicious files multiple times a day in their backups. Despite preventive measures such as renaming, blocking, and deleting the files, the client does not respond to alerts or communication attempts from the SOC team. The system continues to attempt to back up the infected files, creating a repetitive cycle where the XDR blocks the malware and alerts are sent.
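The loop described in the post (same endpoint, same file hash, blocked and alerted several times a day) is a textbook source of alert fatigue. As an added example, not code from the thread or from any XDR vendor, the snippet below shows one way a SOC could collapse such a stream into a single escalation summary per (host, hash) pair, counting how many hits land inside a sliding window so the recurrence is visible at a glance. The alert records, host name, paths and the hash value are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample XDR alerts (not real telemetry). One backup host keeps
# re-depositing the same malicious file into its backup path all day; a
# second host shows a one-off detection for comparison.
CONSTRUCTED_HASH = "deadbeef" * 8  # placeholder 64-hex sha256, not a real IoC
SAMPLE_ALERTS = [
    {"ts": "2024-05-01T02:10:00", "host": "BACKUP-SRV01", "sha256": CONSTRUCTED_HASH,
     "path": "D:\\Backups\\daily\\invoice.exe", "action": "blocked"},
    {"ts": "2024-05-01T08:10:00", "host": "BACKUP-SRV01", "sha256": CONSTRUCTED_HASH,
     "path": "D:\\Backups\\daily\\invoice.exe", "action": "blocked"},
    {"ts": "2024-05-01T14:10:00", "host": "BACKUP-SRV01", "sha256": CONSTRUCTED_HASH,
     "path": "D:\\Backups\\daily\\invoice (1).exe", "action": "blocked"},
    {"ts": "2024-05-01T20:10:00", "host": "BACKUP-SRV01", "sha256": CONSTRUCTED_HASH,
     "path": "D:\\Backups\\daily\\invoice.exe", "action": "blocked"},
    {"ts": "2024-05-02T03:10:00", "host": "BACKUP-SRV01", "sha256": CONSTRUCTED_HASH,
     "path": "D:\\Backups\\daily\\invoice.exe", "action": "blocked"},
    {"ts": "2024-05-01T09:00:00", "host": "WS-FINANCE07", "sha256": "cafef00d" * 8,
     "path": "C:\\Users\\x\\Downloads\\setup.exe", "action": "quarantined"},
]


def parse_ts(s):
    """Alert timestamps are ISO-8601 strings in this constructed feed."""
    return datetime.fromisoformat(s)


def group_alerts(alerts):
    """Bucket alerts by (host, sha256) and sort each bucket chronologically."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a["host"], a["sha256"])].append(a)
    for hits in groups.values():
        hits.sort(key=lambda a: parse_ts(a["ts"]))
    return groups


def recurring_groups(alerts, min_hits=3, window=timedelta(hours=24)):
    """Return one summary per (host, hash) pair that fired at least `min_hits`
    times inside some sliding window of length `window`. The analyst then sees
    a single 'this keeps coming back' item instead of every individual block."""
    summaries = []
    for (host, sha), hits in group_alerts(alerts).items():
        times = [parse_ts(a["ts"]) for a in hits]
        # Two-pointer sliding window over sorted timestamps: for each start i,
        # advance j while hits[j] still falls inside the window opened at i.
        best, j = 0, 0
        for i in range(len(times)):
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            best = max(best, j - i)
        if best >= min_hits:
            summaries.append({
                "host": host,
                "sha256": sha,
                "first_seen": hits[0]["ts"],
                "last_seen": hits[-1]["ts"],
                "total": len(hits),
                "max_in_window": best,
                "paths": sorted({a["path"] for a in hits}),
                "all_blocked": all(a["action"] == "blocked" for a in hits),
            })
    return summaries


def needs_escalation(summary, acknowledged_hosts):
    """A recurring pair on a host the client has not acknowledged is the case
    the post complains about: blocked every time, but never actually cleaned."""
    return summary["host"] not in acknowledged_hosts


if __name__ == "__main__":
    for s in recurring_groups(SAMPLE_ALERTS):
        flag = "ESCALATE" if needs_escalation(s, acknowledged_hosts=set()) else "ack'd"
        print(f"[{flag}] {s['host']} {s['sha256'][:12]}... "
              f"{s['total']} hits, {s['max_in_window']} within 24h, "
              f"first {s['first_seen']} last {s['last_seen']}")
```

Run as-is, the script prints one escalation line for the backup host and nothing for the one-off workstation detection. The `all_blocked` field is the useful tell for this scenario: if every hit was blocked yet the pair keeps recurring, the source of the file (the endpoint feeding the backup job) has never been remediated, which is the message the ticket should carry.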